F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Randy_Abrams's avatar
Randy_Abrams
Icon for Nimbostratus rankNimbostratus
Jan 03, 2014

ProxySSL - tracking the client

Consider the following scenario: A virtual server is defined with a ProxySSL rule to inspect traffic before passing the stream to another virtual server.

 

Question: If a connection is inspected, then rejected by the ProxySSL VS for some reason, is there any way to associate the connection with a client other than source IP? Is there any way to determine the client certificate or the SSL session ID in the ProxySSL VS?

 

application delivery
certificate
design
devops
iRules
proxy ssl
security

2 Replies

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Jan 03, 2014

    I'm a little confused by your description. ProxySSL, being a man-in-the-middle SSL mechanism, needs a direct client to server SSL negotiation. So do you mean the client is negotiation SSL (through your ProxySSL-enabled VIP) to another physically separate device downstream?

     

  • Randy_Abrams's avatar
    Randy_Abrams
    Icon for Nimbostratus rankNimbostratus
    Jan 06, 2014

    Yes I mean the client is negotiation SSL (through a ProxySSL-enabled VIP) to another physically separate device downstream.